Damn, it was too early in the morning.
The correct CVEs (as listed in the advisory below) are CVE-2008-1385 and
CVE-2008-1386.
The correct URLs:
http://int21.de/cve/CVE-2008-1385-s9y.html
http://int21.de/cve/CVE-2008-1386-s9y.html